CVE-2026-35560
Amazon · Athena ODBC Driver
The Amazon Athena ODBC driver fails to properly validate certificates within its identity provider (IdP) connection components, enabling potential interception.
Executive summary
Improper certificate validation in the Amazon Athena ODBC driver prior to version 2.0 allows attackers to perform Man-in-the-Middle (MitM) attacks during identity provider authentication.
Vulnerability
The driver's identity provider connection components do not correctly validate the digital certificates presented by the IdP. This unauthenticated flaw allows a network-positioned attacker to present a fraudulent certificate, which the driver will incorrectly trust.
Business impact
Failure to validate certificates exposes sensitive authentication traffic to Man-in-the-Middle attacks. Attackers can intercept, decrypt, and modify communication between the driver and the identity provider, leading to the theft of credentials and unauthorized access to Amazon Athena data. The CVSS score of 7.4 indicates a High severity risk to data confidentiality and integrity.
Remediation
Immediate Action: Upgrade the Amazon Athena ODBC driver to version 2.0 or later to ensure proper certificate validation logic is enforced.
Proactive Monitoring: Inspect network traffic for unusual certificate authorities or self-signed certificates appearing in connections to identity providers.
Compensating Controls: Ensure the use of encrypted tunnels (VPNs) and secure network segments for all administrative and data-access traffic to reduce the risk of interception.
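An added example, not code from this advisory or from Amazon, that applies the two checks above offline: it compares installed driver versions against the 2.0 fix line and flags IdP connections whose logged server certificate is self-signed or issued by a CA outside an allowlist. The record format, host names, version strings and issuer allowlist are constructed assumptions.

```python
"""Offline checks for the remediation points: driver version below 2.0, and
IdP TLS connections with self-signed or non-allowlisted server certificates."""
from typing import List, NamedTuple, Tuple

FIXED_VERSION = (2, 0)  # first release with proper certificate validation


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.2.3' -> (1, 2, 3); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def driver_is_vulnerable(version: str) -> bool:
    """True when the driver predates 2.0. An unparseable version is treated
    as vulnerable so that unknown installs are not silently passed."""
    v = parse_version(version)
    if not v:
        return True
    major_minor = (v + (0, 0))[:2]  # pad so '2' compares equal to '2.0'
    return major_minor < FIXED_VERSION


class IdpConnection(NamedTuple):
    """One TLS connection to an IdP as a monitoring proxy might log it
    (constructed format, not a real driver or proxy log)."""
    idp_host: str
    cert_subject: str
    cert_issuer: str


# Hypothetical allowlist of CAs expected to issue IdP certificates.
TRUSTED_ISSUERS = {"Example Corporate Root CA", "Example Public Root CA"}


def suspicious_connections(records: List[IdpConnection],
                           trusted=TRUSTED_ISSUERS) -> List[Tuple[str, str]]:
    """Return (host, reason) for each connection a defender should review."""
    findings = []
    for rec in records:
        if rec.cert_subject == rec.cert_issuer:
            findings.append((rec.idp_host, "self-signed certificate"))
        elif rec.cert_issuer not in trusted:
            findings.append((rec.idp_host, f"untrusted issuer: {rec.cert_issuer}"))
    return findings


SAMPLE_CONNECTIONS = [  # constructed sample, not captured traffic
    IdpConnection("idp.example.com", "CN=idp.example.com", "Example Corporate Root CA"),
    IdpConnection("idp.example.com", "CN=idp.example.com", "CN=idp.example.com"),
    IdpConnection("sso.example.com", "CN=sso.example.com", "Unknown Test CA"),
]
```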
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations using Amazon Athena must prioritize this update to protect their authentication chain. Applying the version 2.0 update is the only effective way to ensure that identity provider connections are properly authenticated and secured against interception.